Privacy Policy

Last updated: 22 April 2025

1. Introduction

Welcome to Lisa ("we", "us", or "our"). We provide a software platform that enables users to create, manage, and analyze advertising campaigns via Meta/Facebook Marketing & Business APIs and to generate creative content using OpenAI, Anthropic, Blackforest Labs and Gemini APIs (the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Services, visit our website located at https://lisaff.com, or otherwise interact with us. Nothing in this document limits any disclaimer or limitation of liability contained in our Terms of Service. To the extent of any conflict, the Terms of Service prevail.

We comply with all applicable privacy laws, including (where relevant):

• EU & UK General Data Protection Regulation (GDPR & UK GDPR)
• Lei Geral de Proteção de Dados (LGPD - Brazil)
• Children's Online Privacy Protection Act (COPPA)
• Any other local data-protection regulations in the jurisdictions where we operate

2. Information We Collect

2.1 Information You Provide

• Account & Profile Data. Name, email address, password (hash), billing details, preferred language, and other information you provide when creating an account.
• Facebook/Meta Credentials. OAuth access tokens, ad-account IDs, page IDs, business IDs, permissions, and any advertising assets (ad sets, creatives, audiences, etc.) retrieved via the Marketing & Business APIs.
• Creative Content. Text prompts, images, or other materials you submit to the Services through our platform, and the resulting AI-generated outputs.
• Support & Communications. Content of messages, emails, or other communications you send to us.

2.2 Information Collected Automatically

• Usage Data. Logs of API requests, ad-creation events, campaign metrics retrieved, and interactions with the user interface.
• Device & Technical Data. IP address, browser type, operating system, device identifiers, and cookies or similar technologies (see Section 9).

2.3 Information from Third Parties

We receive information from Meta Platforms, Inc. ("Meta") pursuant to our integration with the Facebook Graph/Marketing APIs, and from the Services when processing your prompts through their APIs.

3. How We Use Your Information

• To authenticate you and operate the Services.
• To create, manage, monitor, and optimize advertising campaigns on your behalf.
• To generate ad creatives, copy, and insights using the Services' AI models.
• To analyze performance data and provide reporting dashboards.
• To improve, test, and enhance the Services, including via aggregated analytics.
• To communicate with you about updates, security alerts, and customer-support issues.
• To comply with legal obligations, enforce our Terms of Service, and protect our rights.

4. Legal Bases for Processing (GDPR & LGPD)

Where the GDPR or LGPD applies, our legal bases include:

• Performance of a Contract - Providing the Services you request.
• Legitimate Interests - Improving and securing our platform, preventing fraud, and sharing limited data with sub-processors.
• Consent - Sending marketing communications and, where required, using cookies (see Section 9).
• Legal Obligation - Compliance with applicable laws.

5. How We Share Your Information

• Service Providers & Sub-Processors. Cloud hosting, analytics, and customer-support vendors that process data on our behalf under confidentiality agreements and data-processing addenda.
• Meta / Facebook. When you use our features to manage ad accounts, we transmit data to and receive data from Meta in accordance with their Platform Terms and any applicable marketing-API policies. Your use of Meta properties is solely governed by Meta's terms.
• Services. We send your prompts to the Services' APIs for the sole purpose of generating requested outputs. We enable the "no-training" / "no-data-retention" options whenever available. We do not control or guarantee the accuracy, legality, or safety of the generated content.
• Legal & Safety. We may disclose information if required to do so by law or to protect rights, safety, or property of you, us, or others.
• Business Transfers. In connection with a merger, acquisition, or asset sale, your data may be transferred, subject to the same privacy commitments.

6. International Data Transfers

We operate globally. If we transfer personal data outside your jurisdiction, we use lawful mechanisms such as Standard Contractual Clauses (SCCs), the UK Addendum, or LGPD-compliant contractual clauses.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law. Access tokens are refreshed or deleted when you disconnect your account. Prompt data and AI outputs may be retained for up to 365 days for debugging and audit logs, after which they are pseudonymized or deleted.

8. Your Privacy Rights

8.1 EU / UK / Brazilian Data Subjects

You may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing or withdraw consent.

8.2 Exercising Rights

Submit requests via email to privacy@lisaff.com or through in-app settings. We will verify your identity before fulfilling any request.

9. Cookies & Tracking Technologies

We use cookies and local-storage technologies to:

• Maintain session authentication
• Remember user preferences
• Measure usage and performance analytics

Where required, we obtain your consent for the use of non-essential cookies through a cookie banner.

10. Children's Privacy

Our Services are not directed to children under 13 years of age (or equivalent minimum age in relevant jurisdictions). We do not knowingly collect personal information from children. If you become aware that a child has provided us personal data, please contact us and we will delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy and updating the Last Updated date. Continued use of the Services after such changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@lisaff.com